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DETAILED ACTION 

1. Claims 1-66 are pending. 



Claim Rejections - 35 USC §102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent granted 
on an application for patent by another filed in the United States before the invention by tiie applicant 
for patent, except that an international application filed under the treaty defined in section 35 1(a) shall 
have the effects for purposes of this subsection of an application filed in the United States only if the 
international application designated the United States and was published under Article 21(2) of such 
treaty in the English language. 

3. Claims 1- 66 are rejected under 35 U.S.C. 102(e) as being anticipated by Hubis et 
al, US patent 6,343,324, 

In reference to claim 1 : 

Hubis et al. (Column 1 1, lines 45-57) & (Figure 3b) & (Column 14, line 40 - Column 15, 
line 52) discloses a method for use in a computer system including a plurality of devices, 
a shared resource shared by the plurality of devices, and a network that couples the 
plurality of devices to the shared resource, the method including acts of 

• In response to one of the plurality of devices attempting to access the shared 
resource and representing itself to the shared resource as a first device, 
determining whether the one of the plurality of devices is attempting to access the 
shared resource through a physical connection through the network that is 
different than a first physical connection through the network used by the first 



Application/ConTrol Number: 09/748,053 W Page 3 

Art Unit: 2134 

device to access the shared resource, where the access path qualifier is determined 
by the WWN (Column 1 5, lines 50-52) and comparing it with the table entries. 
• When it is determined in the fact that one of the plurality of devices is attempting 
to access the shared resource through a connection through the network that is 
different than the first physical connection, denying the attempted access by the 
one of the plurality of devices to the shared resource, when the access path is 
found not to be the same, the new host will be denied access. (Column 12, lines 
27-35) 



In reference to claim 3: 

Hubis et al. (Column 9, line 63 - Column 10, line 8) discloses the method of claim 1, 
wherein the network is a Fibre Channel fabric, wherein the one of the plurality of devices 
and the first device each has an assigned world wide name (WWN) and a fabric 
identifier( fabric ID), where the fabric ID is the fibre ID. 

• Wherein the method further includes a step of storing the WWN and the fabric ID 
of the first device in response to an access by the first device to the shared 
resource (Column 9, line 63 - Column 10, line 8) 

• Wherein the act (a) is performed in response to an access, that occurs after the 
access by the first device, by the one of the plurality of devices to the shared 
resource, where the comparing is done by trying to access the logical volume 
(Column 12, lines 27-35) and includes acts of: 

o Examining a value of the WWN presented by the one of the plurality of 
devices to the shared resource to determine that the one of the plurality of 
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devices is representing itself as being the first device, where the WWN is 
examined. 

o Comparing a value of the fabric ID presented by the one of the plurality of 
devices to the stored fabric ID for the first device, where the fabric ID is 
the fiber ID and is used to verify the access path, also used to identify the 
host. (Column 10, lines 33-40) & (Column 9, hne 63 - Column 10, line 8) 

o Determining that the one of the plurality of devices is attempting to access 
the shared resource through a physical connection through the network 
that is different than the first physical connection when the value of the 
fabric ID presented by the one of the plurality of devices mismatches the 
stored fabric ID for the first device, where the fabric ID is the fiber ID 
which determines the access path is used by the access controller to check 
if its valid (Column 10, lines 37-40), and where the fiber ID is further 
compared against the stored fabric IDs in the WWN table entry. (Column 
14, lines 13-22, lines 53-56) 

In reference to claim 4: 

Hubis et al. (Column 9, line 63 - Column 10, line 8) discloses the method of claim 1, 
wherein the network employs a protocol wherein the one of the plurality of devices and 
the first device each has a first identifier that uniquely identifies the device in a manner 
that is independent of a physical configuration of the computer system and a second 
identifier that uniquely identifies the device in a manner that is dependent upon the 
physical configuration of the computer system 
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• Wherein the method further includes a step of storing the first and second 
identifiers of the first device in response to an access by the first device to the 
shared resource. (Column 9, line 63 - Column 10, line 8) 

• Wherein the act (a) is performed in response to an access, that occurs after the 
access by the first device, by the one of the plurality of devices to the shared 
resource, where the comparing is done by trying to access the logical volume 
(Column 12, lines 27-35) and includes acts of 

o Examining a value of the first identifier presented by the one of the 

pluraUty of devices to the shared resource to determine that the one of the 
plurality of devices is representing itself to be the first device, where the 
WWN is examined. 

o Comparing a value of the second identifier presented by the one of the 
plurality of devices to the stored value of the second identifier for the first 
device, where the fabric ID is the fiber ID and is used to verify the access 
path, also used to identify the host. (Column 10, lines 33-40) & (Column 
9, line 63 - Column 10, line 8) 

o Determining that the one of the plurality of devices is attempting to access 
the shared resource through a physical connection through the network 
that is different than the first physical connection through the network that 
is different than the first physical connection when the value of the second 
identifier presented by the one of the plurality of devices mismatches the 
stored value of the second identifier for the first device, where the fabric 
ID is the fiber ID which determines the access path is used by the access 



Application/ConTTbl Number: 09/748,053 W Page 6 

Art Unit: 2134 

controller to check if its valid (Column 10, lines 37-40), and where the 
fiber ID is further compared against the stored fabric IDs in the WWN 
table entry. (Column 14, lines 13-22, lines 53-56) 



In reference to claim 6, 7 , 8: 

Hubis et al (Figures 1 and Figures 2) discloses a process by the entire system that 
performs actions by the partially by storage system, outside the storage system, and a 
device disposed between the storage system and network. 



In reference to claim 23: 

Hubis et al. (Column 9, line 63 - Column 10, line 8) discloses a method for use in a 
computer system including a pluraUty of devices, a storage system shared by the plurality 
of devices, and a network that couples the plurality of devices to the storage system, 
wherein the network employs a protocol wherein each of the plurality of devices has a 
first identifier that uniquely identifies the devices in a manner that is independent of a 
physical configuration of the computer system and a second identifier that uniquely 
identifies the device in a manner that is dependent upon the physical configuration of the 
computer system, the method including acts of 

• In response to a login of a first device of the plurality of devices to the storage 
system, storing the first and second identifiers of the first device, where the values 
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are stored upon accessing the fiber switch to allow access paths to be assigned. 
(Column 9, hne 63 - Column 10, line 8) & (Column 10, lines 30-40) 



• In response to an attempt, subsequent to the act (a), by one of the plurality of 
devices to login to the storage system while representing itself to the storage 
system as the first device, determining whether the one of the plurality of devices 
is attempting to login to the storage system through a physical connection through 
the network that is different than a first physical connection through the network 
used by the first device to login to the storage system in the act(a), including acts 
of 

o (bl) examining a value of the first identifier presented by one of the 
plurality of devices to the storage system to determine that the one of the 
plurality of devices is representing itself to be the first device, where the 
WWN is examined. 



(b2) comparing a value of the second identifier presented by one of the 
plurality of devices to the stored value of the second identifier for the first 
device (Column 9, lines 50-57) 

(b3) determining that the one of the plurality of devices is attempting to 
login to the storage system through a physical connection through the 
network that is different than the first physical connection when the value 
of the second identifier presented by the one of the plurality of the devices 
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mismatches the stored value of the second identifier for the first device, 
where the physical connection is an access path. (Column 10, lines 33-40) 



c) when it is determined in the act (b3) that the one of the plurality of 
devices is attempting to login to the storage system through a physical 
connection through the network that is different than the first physical 
connection, denying the attempted login by the one of the plurality of 
devices to the storage system, (Column 12, lines 4-35) & (Column 11, 
lines 45-57) where the host to controller port information is the access 
path disclosed by the fiber ID, and accessed is denied if the WWN, LUN, 
and host-controller-port information don't match. 



In reference to claim 24: 

Hubis et al. discloses the method of claim 23, wherein the network is a Fibre Channel 
fabric, wherein the first identifier is a world wide name (WWN) and the second identifier 
is a fabric identifier( fabric ID); 

• Wherein the act(a) includes an act of; in response to a login of first device to the 
storage system, storing the WWN and the fabric ID of the first device, where the 
values are stored when the device initially logs into the fabric in order to have an 
access path. (Column 9, line 63- Column 10, line 8) 

• Wherein the act(bl) includes an act of examining a value of the WWN presented 
by the one of the plurality of devices to determine that one of the plurality of 
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devices is representing itself to be the first device, where the WWN is examined 
for in the WWN table. (Column 14, lines 45-55) 

• Wherein the act(b2) includes an act of comparing a value of the fabric ID 
presented by the one of the plurality of devices to the stored value of the fabric ID 
for the first device, v^here the fabric ID is compared in how it maps to the WWN 
table. (Column 14, lines 13-20, 45-55) 

• Wherein the act(b3) includes an act of determining that the one of the plurality of 
devices is attempting to login to the storage system through a physical connection 
through the network that is different than the first physical connection when the 
value of the fabric ID presented by the one of the plurality of devices mismatches 
the stored value of the fabric ID for the first device, (Column 12, lines 4-35) & 
(Column 11, Unes 45-57) where the host to controller port information is the 
access path disclosed by the fiber ID, and accessed is denied if the WWN, LUN, 
and host-controller-port information don't match. 

In reference to claim 27: 

Hubis et al. discloses a method for use in a computer system including a network and 
plurality of devices coupled to the network, the network employing a protocol wherein 
each of the plurality of devices has a first identifier that uniquely identifies the device in a 
manner that is independent of a physical configuration of the computer system and a 
second identifier that uniquely identifies the device in a manner that is dependent upon 
the physical configuration of the computer system, the network including at least one 
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network component that assigns a unique value for the second identifier to each of the 
pluraUty of devices that is logged into the network, the method including acts of 

a) in response to one of the plurality of devices attempting to login to the network 
and representing itself to the network as a first device, determining whether the 
one of the plurality of devices is attempting to login to the network through a port 
that is different than a first port of the network through which the first device 
previously logged into the network, where the host-to-controller port or the access 
path is determined by the fiber ID comparison. (Column 10, lines 33-40) 
• when it is determined in the act (a) that the one of the plurality of devices is 

attempting to access the network through a port that is different than the first port, 
denying the attempted login by the one of the plurality of devices to the network, 
(Column 12, lines 4-35) & (Column 11, lines 45-57) where the host to controller 
port information is the access path disclosed by the fiber ID, and accessed is 
denied if the WWN, LUN, and host-controller-port information don't match. 



In reference to claim 29: 

Hubis et al (Column 11, lines 45-58) discloses the method of claim 27, further including 
an act of preventing at least one of the plurality of devices fi*om transmitting information 
through the network while representing itself with a value for the second identifier that 
differs from its value assigned by the at least one network component, where the 
information is prevented from being transmitted by the logon to the volume being denied. 



In reference to claim 61: 
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Hubis et al. discloses the apparatus of claim 57, wherein the at least one controller 
includes: 

• Means, responsive to the login of a first device of the plurality of devices to the 
storage system, to store the first and second identifiers of the first device in the 
storage device, where the fiber channel ID, the LUN, and the WWN are stored 
upon accessing the fiber switch to allow access paths to be assigned. (Column 9, 
line 63 - Column 10, line 8) & (Column 10, lines 30-40) 

• Means, responsive to an attempt, after the login by the first device, by one of the 
plurality of devices to login to the storage system, while representing itself to the 
storage system as the first device, for examining a value of the first identifier 
presented by the one of the plurality of devices to the storage system to determine 
that the one of the plurality of devices is representing itself to be the first device 
and for comparing a value of the second identifier presented by the one of the 
plurality of devices to the stored value of the second identifier for the first device, 
where the first and second identifiers are the fiber ID and the WWN which are 
both compared for. The WWN is compared for in the table. (Column 11, lines 
45-57) The fiber ID is used to determine the access path and is used to make a 
determination of the physical route (Column 10, Unes 33-40) while also being 
compared for later in the WWN table. (Column 14, lines 50-55) 

• Means for determining that the one of the plurality of devices is attenpting to 
access the storage system through a physical connection used by the first device 
in logging into the storage system when the value of the second identifier 
presented by the one of the plurality of devices mismatches the stored value of the 
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second identifier for the first device, where an attempt is made to match the 
WWN, LUN, and host-to-controller/access path/fiber ID when a request is made 
to access the logical volume. (Column 11, lines 45-57) 
• Means for denying the attempted login by the one of the plurality of devices to the 
storage system when it is determined that the one of the plurahty of devices is 
attempting to login to the storage system through a physical connection through 
the network that is different than the first physical connection, (Column 12, lines 
4-35) & (Column 11, lines 45-57) where the host to controller port information is 
the access path disclosed by the fiber ID, and accessed is denied if the WWN, 
LUN, and host-controller-port information don't match. 



In reference to claim 62: 

Hubis et al. discloses an apparatus for use in a computer system including a network and 
a plurality of devices coupled to the network, the network employing a protocol wherein 
each of the plurality of devices has a first identifier that uniquely identifies the device in a 
manner that is independent of a physical configuration of the computer system and a 
second identifier that uniquely identifies the device in a manner that is dependent upon 
the physical configuration of the computer system, (Column 9, line 62 -Column 10, line 
8) 

the network including at least one network component that assigns a unique value for the 
second identifier to each of the plurality of devices that is logged into the network, the 
apparatus comprising, where the second identifier is the fiber ID (Column 9, hne 62 - 
Column 10, line 8): 
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• At least one input to be coupled to at least one of the plurality of devices, where 
the input is the access request. (Column 12, lines 28-31) 

• At least one controller that is responsive to one of the plurality of devices 
attempting to login to the network and representing itself to the network as a first 
device, to determine whether the one of the plurality of devices is attempting to 
login to the network through a port that is different than a first port of the network 
through which the first device previously logged into the network, and to deny the 
attempted login by the one of the plurality of devices to the network when the one 
of the plurality of devices is attempting to login to the network through a port that 
is different than the first port. (Column 12, lines 28-35) & (Column 11, lines 45- 
57) where the host to controller port information is the access path disclosed by 
the fiber ID. 



In reference to claim 63: 

Hubis et al. discloses (Column 12, lines 25-35) discloses the apparatus of claim 62, in 
combination with a network switch to form at least a portion of the network, wherein the 
at least one controller is disposed within the switch, where the controller is the array 
access controller (Item 104 of Figure 1) and is clearly disposed within the Fabric of 
switches in Figure 2a. 



Claims 2,5,10,14, 17, 20, 28, 32, 33, 36, 41, 45, 48, 51, 54, 55, 56 are substantially 
similar to claim 1 and are rejected for the same reasons. 
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Claims 9, 30, 34, 40, 58, 65 are substantially similar to claim 3 and are rejected for the 
same reasons. 

Claims 13, 3 1, 35, 44, 66 are substantially similar to claim 4 and are rejected for the same 
reasons. 

Claims 1 1, 15, 18, 21, 25, 37, 42, 46, 49, 52, 59 are substantially similar to claim 6 and 
are rejected for the same reasons. 

Claim 38 is substantially similar to claim 7 and is rejected for the same reasons. 

Claims 12, 16, 19, 22, 26, 39, 43, 47, 50, 60 are substantially similar to claim 8 and are 
rejected for the same reasons. 

Claim 57 is substantially similar to claim 23 and is rejected for the same reasons 

Conclusion 

4. The following prior art not reUed upon is made of record. 

• Yamazaki, US patent 6205145 discloses a fiber channel fabric for with a bus 
arbitration controller. 
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• Ito et al, US patent 6684209 discloses a seciirity method and system for storage 



5. Any inquiry concerning this communication from the examiner should be directed 
to Thomas M Ho whose telephone number is (703)305-8029. The examiner can normally 
be reached on M-F from 8:30 AM - 5:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory A. Morse can be reached on (703)308-4789. The fax phone numbers 
for the organization where this application or proceeding is assigned are (703)746-7239 
for regular communications and (703)746-7238 for After Final communications. 
Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (703)306-5484. 
TMH 

September 30*, 2004 
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